http://www.osnews.com/story/20366/Worst_Windows_Flaws_of_the_Past_Decade Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 09 Nov 2009 21:25:16 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread?332853 http://osnews.com/thread?332853 however the popups on the site in question were annoying,

interestingly, some of the conclusions of the aftermath of the malware are that an overall improvement in security and patch handling including hardware (cable modem firewalls built in for example) have occurred

cheers
anyweb Tue, 07 Oct 2008 20:46:00 GMT donotreply@osnews.com (anyweb) Comments http://osnews.com/thread?332855 http://osnews.com/thread?332855 to juvenile -> from juvenile Tue, 07 Oct 2008 21:55:00 GMT donotreply@osnews.com (Punktyras) Comments http://osnews.com/thread?332872 http://osnews.com/thread?332872 While this is pretty bad stuff and cost the industry millions, my favorite Windows bug did not make it to the list: Windows 98 would just hang after 49.7 days uptime due to faulty memory management. Expired just like a Brine shrimp: http://support.microsoft.com/?scid=kb%3Ben-us%3B216641&... Tue, 07 Oct 2008 23:45:00 GMT donotreply@osnews.com (dwave) Comments http://osnews.com/thread?332895 http://osnews.com/thread?332895 I believe that was a 32-bit timer count rollover bug, just like the one Linux 2.4 had for a while, except that Linux used a slower count and therefore lasted 400+ days.

That bug is the reason that the Linux 2.6 kernel now initializes the jiffies count to -5 minutes, forcing a rollover in order to catch that bug. Wed, 08 Oct 2008 03:46:00 GMT donotreply@osnews.com (zlynx) Comments http://osnews.com/thread?332921 http://osnews.com/thread?332921 Popups? Didn't see a single one. Wed, 08 Oct 2008 14:18:00 GMT donotreply@osnews.com (bryanv) Comments http://osnews.com/thread?332923 http://osnews.com/thread?332923 Same sort of bug, but vastly different effect. Those Linux systems just stopped recording uptime at 400+ days. Win98 basically ate itself and had to be rebooted. Wed, 08 Oct 2008 16:14:00 GMT donotreply@osnews.com (fsckit) Comments http://osnews.com/thread?332924 http://osnews.com/thread?332924 Actually it depended on which version of Linux 2.4 and what drivers were running. Many things didn't handle rollover well and if your SCSI controller decided command reset timeout was now 390 days in the future, the system may as well have been locked up.

At any rate, my original point (that I forgot to write out) was that the Windows bug wasn't a memory corruption bug, but this timer bug. Wed, 08 Oct 2008 16:31:00 GMT donotreply@osnews.com (zlynx) Comments http://osnews.com/thread?332925 http://osnews.com/thread?332925 Yeah, no pop ups here.

(don't tell me you are using IE) Wed, 08 Oct 2008 16:37:00 GMT donotreply@osnews.com (kwanbis) Comments http://osnews.com/thread?332968 http://osnews.com/thread?332968 My guess is that Microsoft's initial reaction was "How did someone manage to get 50 days of updtime out of Win98?" Thu, 09 Oct 2008 01:45:00 GMT donotreply@osnews.com (StephenBeDoper) Comments http://osnews.com/thread?332988 http://osnews.com/thread?332988 If it's a competition then this one is good also: Ubuntu had a version where the installer's log contained the root password in the the clear:
http://it.slashdot.org/article.pl?sid=06/03/13/0525254

But what's the point of listing all these vulnerabilities? Thu, 09 Oct 2008 08:33:00 GMT donotreply@osnews.com (renox) Comments http://osnews.com/thread?333010 http://osnews.com/thread?333010 Yeah, that Ubuntu one was pretty bad. But at least when they were informed of it, they fixed it right away. Within 24 hours I believe.

Apple had an easy local root vulnerability that required just one line of Applescript. They were warned 4 years ago that their design could cause this flaw, and Tiger shipped with a setuid root program that you could use to turn the vulnerability into an exploit. In August this year (2008) they finally fixed it.

It's not even like you had to do a buffer overflow attack or anything to root an OS X machine; just put in a single Applescript command on the command-line and you've got it. Apple never listened to the people who envisaged it. Apple took years to release a patch for something that really only required a single "chmod" command to fix the immediate problem, and who knows if the flaw can't be opened up again using third party programs. Thu, 09 Oct 2008 14:02:00 GMT donotreply@osnews.com (3rdalbum) Comments